So we want to go a different route to move accounts to a different forest that are both sharing the same public email address space (publicdomain.com). (We have 2 forests with a trust between them)
Initially we were wanting to move a domain account and the associated Exchange mailbox from ForestA.com to ForestB.Com with the following process (And it was succeeding)
1. .\prepare-moverequest -identity "Mailtest@publicdomain.com" -RemoteForestDomainController "RDC.ForestA.com" -RemoteForestCredential $rcred -LocalForestDomainController "LDC.FORESTB.COM"
-LocalForestCredential $LocalCredentials -TargetMailUserOU "OU=MailMigration, DC=FORESTB,DC=COM" –UseLocalObject –Verbose
“1 MAILBOX(S) ready to move.” --- This queues up the mailbox for move
2. new-moverequest -Identity "mailtest@publicdomain.com" -Remote -TargetDatabase 'EX2013-DBDESTINATION' -RemoteGlobalCatalog "RDC.ForestA.com" -remotehostname "mail1.ForestA.com" -remotecredential
$rcred -targetdeliverydomain "ForestB.com"
This command starts and completes the migration process successfully.
3. Next we moved SID History and group memberships etc for the user account over using ADMT and ran a profile transfer wizard tool to disjoin / rejoin a users workstation to the forestb.com side of the forest etc….
-------------------------------------------------------------------------------------
-------------------------------------------------------------------------------------
The new process we wanted to perform was to do this in reverse. So:
Move SID History and group memberships etc for the user account over using ADMT and run a profile transfer wizard tool to disjoin / rejoin a users workstation to the forestb.com side of the forest etc….
1. ---This works and it creates the account on the forestb.com side of the forest, the user can login and access email from the mail server sitting on the foresta.com side of the domain and send / receive mail fine.
2. Next we tried to run the prepare-moverequest command -
.\prepare-moverequest -identity "Mailtest@publicdomain.com" -RemoteForestDomainController "RDC.ForestA.com" -RemoteForestCredential $rcred -LocalForestDomainController "LDC.FORESTB.COM"
-LocalForestCredential $LocalCredentials -TargetMailUserOU "OU=MailMigration, DC=FORESTB,DC=COM" –UseLocalObject –Verbose
We got some errors about not finding corresponding objects for group membership
WARNING: Cannot find corresponding object for CN=ACL_Check Log_Read,OU=Domain Groups,DC=Foresta,DC=COM in current forest. 'member' not updated.
It appears the X500 entry and the ProxyAddresses attributes did not move over to the new “Mailtest” account on the ForestB.com side.
Appending x500:/o=publicdomain/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=bcdc632372c44c3aaf1b0a62f8e38168-MTEST to proxyAddresses of New Object in Local forest.
Appending x500:/o=ArizonasChildren/ou=Exchange Administrative Group (FYDIBOHF23SPDLT)/cn=Recipients/cn=1033dc96a1594f96bca3ce58c63c8aed-MTEST1 to proxyAddresses of Object(CN=MTEST1,OU=Main Site,OU=Southern,OU=foresta,DC=com) in Source forest
The strange thing that happens during this step is the prepare-moverequest process is creating a disabled “Additional account object” with a lot of weird numbers after it in the specified OU. Then the next command fails to queue up the mailbox for transfer
or move the mailbox…….
In this OU - OU=Main Site,OU=Southern,OU=foresta,DC=com I see an account named MTEST1933176688 in a disabled state. It has the correct attributes I want. But the original account that was already moved with ADMT before this whole process started does not have
the attributes I need.